Drew Harwell, reporting for The Washington Post:
Apple said in a statement that “the federal government had
prohibited us from sharing any information” about the requests and
now that the method had become public, it was updating its
upcoming transparency reports to “detail these kinds of requests.”
Apple’s Law Enforcement Guidelines, the company’s rules
for how police and government investigators should seek user
information, now note that a person’s Apple ID, associated with a
push-notification token, can be “obtained with a subpoena or
greater legal process.”
Neither Wyden nor Apple detailed how many notifications had been
reviewed, who had been targeted, what crimes were being
investigated or which governments had made the requests.
Law enforcement agents can issue subpoenas on their own, so there’s no oversight here. Google, on the other hand, requires a court order:
For U.S. requests of push notifications and other non-content
information, Google said it requires a court order, not just a
subpoena, that is subject to judicial oversight. With such orders,
federal officials must persuade a judge that the requested data is
relevant and material to an ongoing criminal probe.
Score one for Google here.
Update, 11 December 2023: Apple has updated its guidelines and now requires a court order as well.
★ Wednesday, 6 December 2023